CVE-2023-22331

Use of default credentials vulnerability in CONPROSYS HMI System CHS Ver.3.4.5 and earlier allows a remote unauthenticated attacker to alter user credentials information...

CVE-2023-28399

The CVE-2023-28399 issue affects CONPROSYS HMI System (CHS) before version 3.5.3. The root cause is an incorrect ACL permissions setup on the local installation folder, granting a wide range of privileges to a PC user. Impact, as described in the sources, includes potential destruction of the sys...

CVE-2023-28651

CONPROSYS HMI System (CHS)

CVE-2023-28713

The CVE-2023-28713 entry concerns CONPROSYS HMI System (CHS) prior to version 3.5.3, where account information for the database is stored in plaintext in a local file. This allows someone with access to the host PC to obtain sensitive data and potentially modify database contents. The vulnerabili...

CVE-2023-29154

CVE-2023-29154 affects Contec CONPROSYS HMI System (CHS) prior to version 3.5.3. The vulnerability is an SQL injection that allows a user with administrative privileges to execute arbitrary SQL commands through specially crafted input on the query setting page. Several sources (including CVE list...

CVE-2023-28824

CVE-2023-28824 affects Contec CONPROSYS HMI System (CHS) prior to version 3.5.3. The issue is a server-side request forgery (SSRF) vulnerability where an administrator can bypass the query-setting database restrictions and connect to a user-unintended database. Root cause details in connected doc...

Contec CONPROSYS HMI System (CHS) Detection

Binary data contecchsdetect.nbin...

chs-consulting.eu Cross Site Scripting vulnerability OBB-3207183

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

GoAnywhere zero-day opened door to Clop ransomware

A semi-active ransomware group has claimed it is behind a string of attacks which have taken advantage of a zero-day vulnerability in GoAywhere MFT. The Russian-linked Clop ransomware group says it was able to remotely attack private systems using exposed GoAnywhere MFT administration consoles...

CVE-2023-22324

CVE-2023-22324 affects CONPROSYS HMI System (CHS) versions 3.5.0 and earlier. The vulnerability is an SQL injection in CHS that allows a remote authenticated attacker to execute arbitrary SQL commands, potentially exposing information stored in the database. The available connected sources descri...

CVE-2023-22331

CVE-2023-22331 affects CONPROSYS HMI System (CHS) by a default-credentials vulnerability in versions 3.4.5 and earlier, allowing a remote unauthenticated attacker to alter user credentials information. The issue arises from use of default credentials (CWE-1392) in CHS, with a CVSS v3 base score o...

CVE-2023-22373

CVE-2023-22373 affects CONPROSYS HMI System (CHS) up to version 3.4.5. The vulnerability is a Cross-site Scripting (CWE-79) in the web interface used by the administrative user, allowing a remote authenticated attacker to inject arbitrary scripts and potentially obtain sensitive information. Vend...

CVE-2023-22339

CONPROSYS HMI System (CHS) by Contec is affected by CVE-2023-22339 due to improper access control in 3.4.5 and earlier. This vulnerability could let a remote unauthenticated attacker bypass access restrictions and obtain the server certificate, including the private key. Affected versions: 3.4.5 ...

PT-2023-7703 · Unknown · Conprosys Hmi System

Name of the Vulnerable Software and Affected Versions: CONPROSYS HMI System CHS versions 3.4.5 and earlier Description: The issue is related to the use of a password hash instead of the password for authentication, allowing a remote authenticated attacker to obtain user credentials information vi...

CVE-2022-44456

CONTEC CONPROSYS HMI System (CHS) versions 3.4.4 and earlier are affected by CVE-2022-44456, an OS command injection vulnerability that allows a remote unauthenticated attacker to execute arbitrary OS commands on the server by sending a specially crafted request. Reported impact is remote code ex...

chs-savoie.fr Improper Access Control vulnerability OBB-1495157

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

chs-shc.gc.ca Cross Site Scripting vulnerability OBB-1313280

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

chs-savoie.fr XSS vulnerability

Open Bug Bounty ID: OBB-568005 Description| Value ---|--- Affected Website:| chs-savoie.fr Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

chattooga.chs.schoolfusion.us XSS vulnerability

Open Bug Bounty ID: OBB-227919 Description| Value ---|--- Affected Website:| chattooga.chs.schoolfusion.us Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

wpmediaholder-sql.txt

------------------------------------------------------------------- WordPress Media Holder id Sql injetion vulnerability! ------------------------------------------------------------------- ------------------------------------------------------------------- Author: boom3rang Greetz: H!tM@N - KHG ...